<?
$id      = $_GET["id"];
$event   = $_GET["event"];

if (isset($_GET['id']))
{
	$sql='select * from ebp_event_attachments where id=' . $id;
	$result=form_database_query($sql);                                         
    if($row = mysql_fetch_array($result, MYSQL_ASSOC))                                  
    {          
		$attachment_name = $row['attachment_name'];
		$attachment_type = $row['attachment_type'];
		$attachment_size = $row['attachment_size'];  
		$attachment_data = $row['attachment_data'];      
		
		header ('Content-Type: ' .  $attachment_type);
		echo base64_decode($attachment_data);                      
    }    
}

if (count($_FILES)>0)  // read uploaded files and add them to the user's config file
{
	foreach( $_FILES as $file_name => $file_array ) 
	{  
		$upload_path = $file_array['tmp_name'];
		$upload_name = $file_array['name'];
		$upload_type = $file_array['type'];
		$upload_size = $file_array['size'];  
		$upload_data=base64_encode(fread(fopen($upload_path, "r"), filesize($upload_path))); 
		$sql_attachment_query = 'INSERT INTO ebp_event_attachments (
		                          eventfk, attachment_name, attachment_type, attachment_size, attachment_data
								   ) VALUES (
								   ' . $event . ',
								   "' . $upload_name . '", 
								   "' . $upload_type . '", 
								   "' . $upload_size . '", 
								   "' . $upload_data . '"
								   )
								  ';
		#echo($sql_attachment_query); 
		form_database_query($sql_attachment_query); 
		?>
		<script language="javascript">
		opener.ReloadEventDetailAttachments ();
		self.close ();
		</script>
		
		<?
		 
	} 
} // end upload file handler 

                                                                       

function generic_data($server,$user,$password,$database,$query) {                                                       
    global $fatal;                                                      
    /* Accessing SQL-Server and querying table */                                                       
    MYSQL_CONNECT($server, $user, $password) or die ( $fatal." Server $server unreachable $user/$password" );                                                      
    MYSQL_SELECT_DB($database) or die ( $fatal." Database unreachable" );                                                        
    $result = @MYSQL_QUERY(stripslashes($query));                                                      
     if ($result)                                                      
     {                                                      
     }                                                      
     else                                                      
     {                                                      
             print ("</xmp><img src='http://www.cyber8.net/webservices/images/explorer/exclamation.gif' align=top>                                                      
             <b>A fatal MySQL error occured</b>.\n<br />Query:<xmp>                                                       
             " . $query . "</xmp><br />\nError: (" . mysql_errno() . ") <xmp>" . mysql_error() . "</xmp><br>                                                      
             <A HREF='javascript:history.back()'>Please try again</A>");                                                      
    MYSQL_CLOSE();                                     
             exit;                                                    
     }                                                      
                                                                   
    return $result;                                                        
    MYSQL_CLOSE();                                                      
}                                                      

function form_database_query($query) {                                                      
                                         
	$database="db261431068";                                                  
	$server="db1707.perfora.net" ;                                                 
	$user="dbo261431068";                                                  
	$password="wJ58aFYc" ;                                                    
   return generic_data($server,$user,$password,$database,$query);                                                       
}                                        

?>